summaryrefslogtreecommitdiff
path: root/user/qt5-qtmultimedia/kde-lts.patch
diff options
context:
space:
mode:
Diffstat (limited to 'user/qt5-qtmultimedia/kde-lts.patch')
-rw-r--r--user/qt5-qtmultimedia/kde-lts.patch64
1 files changed, 64 insertions, 0 deletions
diff --git a/user/qt5-qtmultimedia/kde-lts.patch b/user/qt5-qtmultimedia/kde-lts.patch
new file mode 100644
index 000000000..510e88d18
--- /dev/null
+++ b/user/qt5-qtmultimedia/kde-lts.patch
@@ -0,0 +1,64 @@
+From c75ef0bb53562a62d67fb3247c9fc138356368b4 Mon Sep 17 00:00:00 2001
+From: Marc Mutz <marc.mutz@qt.io>
+Date: Thu, 19 May 2022 12:02:04 +0200
+Subject: [PATCH] QPulseAudioSource: fix UB (memcpy() called with nullptr dest)
+ in read()
+
+deviceReady() calls read(nullptr, 0), but calling memcpy() with a
+nullpt destination is UB, even if the length is simulateneously zero.
+
+Ditto applyVolume() (called from read()).
+
+Fix by guarding the memcpy() calls.
+
+Add assertions to indicate that for these functions, nullptr is valid
+input iff length is zero.
+
+Found by clangsa's core.NonNullParamChecker.
+
+Pick-to: 6.3 6.2 5.15
+Change-Id: I9006b0e933e196a7a212e0ebe2bd27f6b9552518
+Reviewed-by: Rafael Roquetto <rafael.roquetto@qt.io>
+(cherry picked from commit 8df415d5bcf23462bedb4cb7601b909851ee15dd)
+---
+ src/plugins/pulseaudio/qaudioinput_pulse.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/pulseaudio/qaudioinput_pulse.cpp b/src/plugins/pulseaudio/qaudioinput_pulse.cpp
+index 2b5325132..b68b4af1b 100644
+--- a/src/plugins/pulseaudio/qaudioinput_pulse.cpp
++++ b/src/plugins/pulseaudio/qaudioinput_pulse.cpp
+@@ -402,6 +402,8 @@ int QPulseAudioInput::bytesReady() const
+
+ qint64 QPulseAudioInput::read(char *data, qint64 len)
+ {
++ Q_ASSERT(data != nullptr || len == 0);
++
+ m_bytesAvailable = checkBytesReady();
+
+ setError(QAudio::NoError);
+@@ -411,7 +413,8 @@ qint64 QPulseAudioInput::read(char *data, qint64 len)
+
+ if (!m_pullMode && !m_tempBuffer.isEmpty()) {
+ readBytes = qMin(static_cast<int>(len), m_tempBuffer.size());
+- memcpy(data, m_tempBuffer.constData(), readBytes);
++ if (readBytes)
++ memcpy(data, m_tempBuffer.constData(), readBytes);
+ m_totalTimeValue += readBytes;
+
+ if (readBytes < m_tempBuffer.size()) {
+@@ -502,9 +505,10 @@ qint64 QPulseAudioInput::read(char *data, qint64 len)
+
+ void QPulseAudioInput::applyVolume(const void *src, void *dest, int len)
+ {
++ Q_ASSERT((src && dest) || len == 0);
+ if (m_volume < 1.f)
+ QAudioHelperInternal::qMultiplySamples(m_volume, m_format, src, dest, len);
+- else
++ else if (len)
+ memcpy(dest, src, len);
+ }
+
+--
+2.36.0
+